Analysis
-
max time kernel
28s -
max time network
30s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system -
submitted
29-05-2023 07:32
Behavioral task
behavioral1
Sample
accd07fb568f7e6df0b8631f2146220733c94f71708222f2c455f61b22b9d3ce.dll
Resource
win7-20230220-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
accd07fb568f7e6df0b8631f2146220733c94f71708222f2c455f61b22b9d3ce.dll
Resource
win10v2004-20230220-en
1 signatures
150 seconds
General
-
Target
accd07fb568f7e6df0b8631f2146220733c94f71708222f2c455f61b22b9d3ce.dll
-
Size
64KB
-
MD5
ad1da0b33566db82b94231693ebe714d
-
SHA1
b2bd6ac63261fdf9f56ac04ffd915890107392b2
-
SHA256
accd07fb568f7e6df0b8631f2146220733c94f71708222f2c455f61b22b9d3ce
-
SHA512
1c92141b7922c249d48919cea48eb04b21a764674bc0385698d5c8bbd580278bb6cc845f2e0649f6a12a3d87cdc75ef9d340ce88cf5e612a669527343ac9a4d1
-
SSDEEP
768:2WH8osl87UHo76MX6G//NpDmqDwBPcD0umk5RMwsGjxYv7fzv9SSI:F8Rl87IMXfKM0o5RMwsRY
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 1928 wrote to memory of 1956 | 1928 | rundll32.exe | rundll32.exe
PID 1928 wrote to memory of 1956 | 1928 | rundll32.exe | rundll32.exe
PID 1928 wrote to memory of 1956 | 1928 | rundll32.exe | rundll32.exe
PID 1928 wrote to memory of 1956 | 1928 | rundll32.exe | rundll32.exe
PID 1928 wrote to memory of 1956 | 1928 | rundll32.exe | rundll32.exe
PID 1928 wrote to memory of 1956 | 1928 | rundll32.exe | rundll32.exe
PID 1928 wrote to memory of 1956 | 1928 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\accd07fb568f7e6df0b8631f2146220733c94f71708222f2c455f61b22b9d3ce.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\accd07fb568f7e6df0b8631f2146220733c94f71708222f2c455f61b22b9d3ce.dll,#12